The Myantispyware team has discovered AdsExhaust, a sneaky adware that targets computers to silently click on ads for profit. It isn’t your typical adware that bombards you with pop-ups, but it’s still bad news.
VirusTotal flagged AdsExhaust as malicious:
AdsExhaust can slip onto your system through bundled software or tricky ads. Once it’s there, it uses scripts to gather your system info, take screenshots, and even get your location. It mainly focuses on Microsoft Edge, checking if it’s open and idle. When that happens, AdsExhaust opens more Edge tabs and visits specific websites, clicking on ads to generate revenue.
This sneaky adware can cause serious problems. Not only can it compromise your privacy, but it can also lead you to harmful websites where you might pick up even more malware. It could even cause financial loss or identity theft by secretly downloading other malicious software.
💡 If you suspect that AdsExhaust is on your computer, you should remove the adware as soon as possible. Follow the steps below to protect your system from this threat.
Table of Contents
What is AdsExhaust
AdsExhaust is a type of adware, but unlike most adware that shows ads in its interface, AdsExhaust works behind the scenes. AdsExhaust often sneaks into devices through a batch file in an archive. Once inside, it drops several VBScript and PowerShell files to stay persistent in your system. One of these scripts collects information like your device name, operating system details, username, IP address, and even captures screenshots and geolocation data.
The key PowerShell script then keeps an eye on your Microsoft Edge browser. If Edge is open and idle for more than nine minutes, AdsExhaust opens new tabs and loads specific websites. The script can even scroll through these sites and click on ads, earning money for its creators.
This adware is programmed to search for keywords and click on ads labeled as “Sponsored”, aiming to make money from affiliate programs. This becomes more risky as some of these ads may lead to harmful or malicious websites, potentially adding more dangerous software to your system.
AdsExhaust stops its operations and hides when it detects user activity, making it tricky to notice. It can also create overlays to hide what it’s doing.
To get rid of AdsExhaust, you need to stop any related processes, get rid of the malicious programs and browser extensions, and reset your browser settings. Make sure you keep your computer safe by regularly checking for malware with trusted security software and being mindful of what you download and where you browse.
Risks and Consequences:
- It might also be used to deliver another unwanted software.
- VirusTotal and other cybersecurity platforms have flagged the AdsExhaust app as malicious, associating it with “trojan.runner/fragtor” and other Malware/Trojan detections.
- Redirected websites might host malware that can infect users’ devices, compromising their data and overall system security.
- Some redirected sites could be phishing platforms that attempt to steal users’ sensitive information, such as login credentials and financial data.
- Malicious websites might prompt users to enter their payment details, leading to unauthorized transactions or financial theft.
- Users might unknowingly expose their personal and confidential information to cybercriminals through these redirected sites.
Threat Summary
Names | AdsExhaust, AdsExhaust.exe |
Type | PUA (Potentially Unwanted Application), PUP (Potentially Unwanted Program) |
Affected Browser Settings | home page, search provider, newtab URL |
Detection Names (installer) | ANO-Antivirus (Trojan.Script.Agent.khixek), Tencent (Win32.Trojan-Downloader.Downloader) |
Distribution | Misleading pop-up ads, freeware installers (bundling) |
Symptoms | Unwanted changes to system settings, redirects, ads |
Risks | Privacy invasion, system security compromise, fraud |
Removal | Use the AdsExhaust removal guide |
Malware examples
Malware is a constant threat to computer security, and it comes in many different forms. Some malware can steal your personal information, while others can take control of your computer or encrypt your files and demand a ransom. It’s important to stay vigilant and protect your computer from these threats. Below, we will list some examples of malware programs that you should be aware of, so that you can take steps to protect your computer from them.
Here are some examples of malware programs: Winlogson.exe, Your File Is Ready To Download.iso virus, Altruistics virus, Dropbox Update Setup Virus, AnarchyGrabber Stealer and DPD Delivery Email virus, although, of course, there are many more.
Protecting your computer from malware is essential to keeping your personal data and online accounts safe. By following safe browsing practices, using anti-virus software, and staying up-to-date with the latest security patches, you can reduce your risk of becoming a victim of malware. If you suspect that your computer has been infected with malware, take immediate action to remove it and secure your system.
How to remove AdsExhaust from Windows 11 (10, 8, 7, XP)
If AdsExhaust has made its way onto your Windows computer, it’s crucial to act swiftly. This unwanted app can compromise your browsing experience and security. In the steps ahead, we’ll outline a straightforward process to help you effectively remove AdsExhaust from your system. Let’s get started.
To remove AdsExhaust, perform the steps below:
- Kill AdsExhaust proces
- Disable AdsExhaust start-up
- Uninstall any suspicious programs
- Reset Browser Settings
- Scan your computer for malware
Read this section to know how to manually remove the AdsExhaust app. Even if the step-by-step guide does not work for you, there are several free removers below which can easily handle such hijackers.
Kill AdsExhaust process
Press CTRL, ALT, DEL keys together.
Click Task Manager. Select the “Processes” tab, look for “AdsExhaust” then right-click it and select “End Task” or “End Process” option. If your Task Manager does not open or the Windows reports “Task manager has been disabled by your administrator”, then follow the guide: How to Fix Task manager has been disabled by your administrator.
This malware masks itself to avoid detection by imitating legitimate Microsoft Windows processes. A process is particularly suspicious: it’s taking up a lot of memory (despite the fact that you closed all of your applications), its name is not familiar to you (if you’re in doubt, you can always check the program by doing a search for its name in Google, Yahoo or Bing).
Disable AdsExhaust start-up
Select the “Start-Up” tab, look for something suspicious that is the AdsExhaust virus, right click to it and select Disable.
Close Task Manager.
Uninstall any suspicious programs
Check your computer for any suspicious programs or extensions and uninstall them. To do this, go to the Control Panel (on Windows) or Applications (on Mac) and uninstall any programs that you don’t recognize or that you think may be associated with the AdsExhaust app.
Windows 7 | Windows 8 |
---|---|
|
|
Windows 10 | Mac OS |
|
|
Reset Browser Settings
If AdsExhaust has altered your browser settings, you should reset them.
Chrome:
- Go to the three vertical dots on the top right corner > Settings.
- Scroll down and click on Advanced.
- Under ‘Reset and clean up’, click on ‘Restore settings to their original defaults’ > Reset.
Firefox:
- Go to the three horizontal lines on the top right > Help.
- Choose ‘Troubleshooting Information’ > Refresh Firefox.
Safari:
- Go to Safari > Preferences > Advanced.
- Check the box next to ‘Show Develop menu in menu bar.’
- From the toolbar, click Develop > Empty Caches.
If these steps do not remove AdsExhaust from your browser, it is recommended to use a trusted antivirus program to scan your computer for any associated malware or viruses.
Scan your computer for malware
It is possible that AdsExhaust came bundled with PUPs (potentially unwanted programs) and other unwanted software. To ensure that your computer is clean, run a full system scan with a reputable antivirus software.
You can automatically get rid of PUAs with MalwareBytes. Malwarebytes is a reputable anti-malware software that is commonly used to remove various types of malware, including unwanted apps like AdsExhaust.
- Download Malwarebytes by clicking on the link below. Save it on your Windows desktop.
Malwarebytes Anti-malware
326377 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- Once the download is done, close all applications and windows on your personal computer. Open a folder in which you saved it. Double-click on the icon that’s named MBsetup.
- Choose “Personal computer” option and press Install button. Follow the prompts.
- Once installation is finished, scan your computer. Run a full scan of your computer to detect and remove any PUAs and other forms of malware. The scan may take several minutes to complete, depending on the size of your hard drive and the speed of your computer.
- Remove detected threats. If the scan finds any threats, click Quarantine to remove them. The software will automatically remove the PUA and any associated malware. After the removal process is complete, restart your computer to ensure that any changes made by the hijacker are fully removed.
The following video demonstrates how to remove hijackers, adware and other malware with MalwareBytes.
What to Do After Removing the adware
After successfully removing the AdsExhaust adware from your computer, it is important to take some additional steps to ensure that your computer and personal information remain secure. Here are some recommended actions to take:
- It’s important to change your browser settings back to your preferred search engine and homepage. Make sure that AdsExhaust is completely removed from your browser’s settings and that it cannot reappear.
- If you entered any sensitive information such as login credentials or passwords while the adware was active, change them immediately. This will prevent any potential identity theft or unauthorized access to your accounts.
- To remove any traces of the unwanted app, clear your browser history and cache. This will help ensure that any data or information collected by the hijacker is removed from your system.
- Use a reputable anti-malware program like Malwarebytes to scan your computer for any remaining malware or potentially unwanted programs (PUPs). This can help ensure that there are no hidden threats or malicious files on your computer.
- Make sure that your browser and operating system are up-to-date with the latest security patches and updates. This can help prevent future security issues and keep your system protected.
- To avoid getting infected with similar malware in the future, be cautious of downloads and only download from reputable sources. Avoid clicking on suspicious links or downloading attachments from unknown sources.
Conclusion
AdsExhaust is an adware. This can disrupt your browsing experience and potentially expose your personal and financial information to cyber threats.
Bottom Line: Avoid ignoring signs of suspicious activity such as frequent pop-ups and unexpected page redirects. The best course of action is to promptly clean your browser and system to maintain a secure digital environment. 🛡️💻
Stay cautious about the websites you visit and the programs you install. Regular updates and careful monitoring of your browser and computer settings can greatly minimize the risks of encountering such security issues. 🤔